Holes in Leopard’s firewall

Although Apple is selling its new Mac OS X Leopard operating system on its improved security, researchers at Heise Security have already found fault with its firewall.

Leopard upgraders should be aware of this - while it’s easy to turn the Firewall back on, it is an oversight that Apple will need to address.

(Via CNET.com) Read more

Is there really such a thing as “unbreakable” encryption?

Russian-based ‘password recovery’ company Elcomsoft has pressed the GPU into the service of password cracking.

While this may be small stuff compared to the ‘Storm Worm’ network, which potentially might have millions of compromised Windows PCs at its disposal, this puts brute-force password cracking within easy reach of the masses… which simply reinforces the fact that NOTHING on your computer is ever really completely ’safe’.

(Via ArsTechnica & TechRepublic) Read more

It’s time to install virtual throw-away PCs

I give up. You should too. It’s time to stop trying to secure users’ web browsers, and instead just throw them away. We can’t stop users from clicking on the wrong links or going to compromised websites. We can’t eliminate drive-by worm infections or block zero-day rootkits. But thanks to virtualisation, we can flush them all away.

I have been saying this in my consulting role for a while now - Frank Hayes is exactly right. Whoever is the first to productise this in a way that is easy and straightforward for users and Admins alike will do very, very well… Watch this space!

(Via Computerworld.co.nz.) Read more